Researchers from Security Explorations are experts when it comes to finding critical vulnerabilities in Java. They claim to have identified another flaw that affects all Oracle Java SE versions and the nearly one billiondesktop computers on which the software is currently installed.

This bug, codenamed issue 50, has been identified just before the start of Oracle’s JavaOne 2012 conference that will take place in San Francisco.

“The impact of this issue is critical - we were able to successfully exploit it and achieve a complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7,” Adam Gowdiak, CEO of Security Explorations, told Softpedia via email.

“So far, we could only claim such an impact with reference to Java 7 environment (the Apple QuickTime attack relying on Issues 15 and 22 is the only exception here).”

According to Gowdiak, the vulnerability can be leveraged by an attacker to “violate a fundamental security constraint” of Java Virtual Machines.

The company has provided Oracle with a complete technical description of the flaw, along with source and binary codes, and a proof of concept that demonstrates the complete security sandbox bypass in Java SE 5, 6 and 7.

“We hope that a news about one billion users of Oracle Java SE software being vulnerable to yet another security flaw is not gonna spoil the taste of Larry Ellison's morning...Java,” the CEO concluded.

Now, it remains to be seen if Oracle will be able to address this issue by the time the October CPU is released.